<?php
$type=isset($_GET["type"])?$_GET["type"]:"";
if($type=="logout") 
{
   SetCookie("UID","",time()-3600);
   SetCookie("NAME","",time()-3600);
   header("Location:login.php");
}

$user=htmlentities(isset($_POST["username"])?$_POST["username"]:"",ENT_QUOTES);
$psd=htmlentities(isset($_POST["password"])?$_POST["password"]:"",ENT_QUOTES);
if($user!="" && $psd!="")
{
   include "mysql.inc.php";
   include "user.inc.php";
   $sql="select * from user where NAME='$user' limit 1";
   $m=new CMySQL($dbserver,$dbuser,$dbpsd,$dbname);
   $users=$m->DoQuery($sql);
   if(count($users)==1)
   {
      if($users[0]["PSD"]==md5($psd))
      {
         SetCookie("UID",$users[0]["UID"],time()+3600);
         SetCookie("USERNAME",$users[0]["NAME"],time()+3600);
         header("Location:index.php");
      }
   }
}

?>
<form action=login.php method=POST>
<table width="357" border="1" align="center">
  <tr>
    <th colspan="3" scope="col">LOG IN</th>
  </tr>
  <tr>
    <th width="91" scope="row">USERNAME</th>
    <td width="168"><input type="text" name="username" id="username" /></td>
    <td width="76"><a href=register.php>register now</a></td>
  </tr>
  <tr>
    <th scope="row">PASSWORD</th>
    <td><input type="password" name="password" id="password" /></td>
    <td></td>
  </tr>
  <tr>
    <th colspan="3" scope="row"><input type="submit" name="button" id="button" /></th>
  </tr>
</table>
</form>